I am having some trouble creating a two-way domain trust account between Samba 3 and Windows 2000 Server.

The Windows 2000 server is an AD domain controller, and my Samba 3 server has an LDAP backend and is running on Ubuntu 9.04 64-bit. Samba 3 is acting as the WINS server, and the Windows server has been pointed to the Samba server for WINS in the TCP/IP settings on the network adapter.

I have created the interdomain trust accounts on the Linux side by issuing the following commands.

> net rpc trustdom add W2KDOMAIN password -Uroot
Enter root's password:********
> net rpc trustdom add SAMBADOMAIN password -S W2KSERVER -U administrator
Enter administrator's password:********
[2009/10/12 13:46:15, 0] utils/net_rpc.c:rpc_trustdom_add_internals (5277)
  Could not set trust account password: NT_STATUS_ACCESS_DENIED

After performing those commands, I can see that a user called w2kdomain$ has been created in LDAP, and a user called SAMBADOMAIN$ has been created in Active Directory. Since the error message concerning the trust password appeared, I will manually change the password of the user sambadomain$ in AD Users and Computers.

At this stage, if I execute

> net rpc trustdom list
Enter root's password:
Trusted domains list:

none

Trusting domains list:

Unable to find a suitable server for domain W2KDOMAIN
domain controller is not responding: NT_STATUS_UNSUCCESSFUL
W2KDOMAIN

If I go into AD Domains and Trusts on the Windows server, and create a "Domains trusted by this domain", it works as advertised. At this point I seem to be able to connect to shares located on the Windows domain from computers on the Samba domain.

If I create a "Domains that trust this domain", ask it to verify the trust and supply the Samba root password, I get a message that "Active Directory cannot verify the trust" blah blah "The error returned was: The specified domain either does not exist or could not be contacted".

That error implies that the Windows server does not know how to contact the Samba domain controller, but if I go to a command prompt and run "net view /domain:SAMBADOMAIN", it shows the domain, and the Samba domain controller.

I am a little unsure as to how to proceed. I am sure the documentation out there will make complete sense once I figure it out, but at the moment, I am struggling.

Any help would be appreciated.

